SIP issue with PIX 6.2(2)

Unanswered Question
Apr 21st, 2008

Hi Sir,

I have a PIX-525 running version 6.2(2). Recently end-user reported their SIP calls across this PIX fail to work.

I get the users test their applications while I turned on "debug sip". I couldn't see any SIP-related messages except the following:

2008-04-22 12:42:05 Local4.Info Apr 22 2008 12:42:03: %PIX-6-106015: Deny TCP (no connection) from to flags PSH ACK on interface outside

The following fixup commands are already in place by default:

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol sip 5060

I have checked the conduit, static, route, and timeout statements. All seem okay.

Below is Release Notes of PIX 6.2(2):

I notice SIP-related bugs in the Open and Resolved Caveats. I'm not sure if I'm hitting any of those bugs because I'm not getting any SIP messages from "debug sip".

Please advise.

Thank you.


Lim TS

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Tue, 04/22/2008 - 01:50

Hi Toh

I assume the error you encounter usually happens in two conditions.

1) Most probably your NAT statement for traffic to does not exist.

2) Source and destination are on different interfaces which has the same security level and "same-security-traffic permit inter-interface" is not enabled


dongdongliu Tue, 04/22/2008 - 02:07


but version 6.2(2) do not support same-security-traffic permit inter-interface.



This Discussion